Fortra® Security & Trust Center

Blog

Cloudflare’s pages.dev and workers.dev Domains Increasingly Abused for Phishing

Introduction: Fortra has observed a rising trend in legitimate service abuse, with a significant volume of attacks targeting Cloudflare Pages. Workers.dev is a domain used by Cloudflare Workers’ deployment services, while Pages.dev is used by Cloudflare’s Pages platform that facilitates the development of web pages and sites. Fortra’s Suspicious Email Analysis (SEA) team has identified different...
Emerging Threats

Palo Alto Exploit Chain to Remote Code Execution

Fortra is actively researching new vulnerabilities in Palo Alto PAN-OS – CVE-2024-0012 and CVE-2024-9474. When combined, these two vulnerabilities allow for an exploit chain to achieve remote code execution. The first CVE allows an unauthenticated attacker with access to the web management interface to gain administrator privileges on the PAN-OS device, while the second CVE allows administrators to perform actions on the firewall with root privileges. Palo Alto has released fixed versions of PAN-OS to address these vulnerabilities, and customers are recommended to upgrade as soon as possible.
Security Advisory

USB Security Feature Bypass in Digital Guardian Windows Agent Prior to version 8.2.0

A security bypass vulnerability exists in the Removable Media Encryption (RME) component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device, thereby compromising the confidentiality of the stored data. NOTE: Data already encrypted on the device is unaffected by this change.
Emerging Threats

Missing Authentication Vulnerability in Palo Alto Expedition

Fortra is actively researching a vulnerability in Palo Alto Networks Expedition – CVE-2024-5910. Palo Alto Networks Expedition is a tool designed to assist with migrating other vendor configurations to Palo Alto devices. CVE-2024-5910 allows attackers to remotely reset administrator credentials, gaining complete access to Expedition and all of the data stored within. Customers are recommended to upgrade to a fixed version of Expedition.
Emerging Threats

Missing Authentication Vulnerability in FortiManager

Fortra is actively researching a new vulnerability in FortiManager – CVE-2024-47575. A critical function in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute code or commands via specially crafted requests. FortiGuard has released updates for FortiManager to address this vulnerability, which should be implemented in customer systems as soon as possible.
Emerging Threats

VMware vCenter Server Vulnerabilities

Fortra is actively researching critical vulnerabilities in VMware vCenter Server – CVE-2024-38812 and CVE-2024-38813. By exploiting these vulnerabilities, a malicious actor with network access to vCenter Server could send specially crafted network packets to achieve remote code execution and escalation of privileges. These vulnerabilities were initially published on September 17, 2024, and announced via advisory VMSA-2024-0019. However, after further research, VMware determined that the patches did not fully address CVE-2024-38812 and released VMSA-2024-0019.2 with new updates to address these issues fully. Customers are strongly encouraged to apply the new patches, even if the patches from the initial advisory have already been applied.
Security Advisory

Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. The agent log information is accessible in the following ways: While the agent job is running, the agent log is readable by any user on the Windows agent system. Once the agent job is done, the log file is removed. After the agent is...
Emerging Threats

NVIDIA Container Toolkit Vulnerabilities

Fortra is actively researching vulnerabilities in NVIDIA Container Toolkit. A malicious container can exploit these vulnerabilities to gain access to the host filesystem in read-only mode. Successful exploitation and subsequent actions can lead to code execution and privilege escalation. The greatest risk appears to be that an attacker can escape from their container and gain control over other containers on the same host. NVIDIA has released patched versions of the affected products. Customers are recommended to update to a patched version as soon as possible.